[151849] in North American Network Operators' Group
Re: Attack on the DNS ?
daemon@ATHENA.MIT.EDU (Ameen Pishdadi)
Sat Mar 31 23:29:54 2012
In-Reply-To: <0BEE9226-A2DF-4963-8396-4EB1E8002C2A@gmail.com>
From: Ameen Pishdadi <apishdadi@gmail.com>
Date: Sat, 31 Mar 2012 22:30:10 -0500
To: Greg Ihnen <os10rules@gmail.com>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Looks like your network has a user or two participating in this retarded attempt to drop the Internet.
Thanks,
Ameen Pishdadi
On Mar 31, 2012, at 8:30 PM, Greg Ihnen <os10rules@gmail.com> wrote:
> I manage a tiny network in the Amazon, a satellite internet connection and decent sized wireless network.
>
> All of my users started complaining yesterday about lost connectivity except for Skype. I had no problems. I checked from the users' computers and could not resolve domain names (when Skype connects and nothing else does it's always been a DNS issue). After much troubleshooting I finally fired up Wireshark and saw that the DNS servers (or someone appearing to have their IP addresses) were replying to our queries with "no such name".
>
> The reason I was having no problems is I'm using OpenDNS' DNSCrypt. With DNSCrypt on we have no problems. With good old-fashioned unencrypted DNS (Google's, OpenDNS', our ISP's) we're barely able to communicate.
>
> Is DNS traffic being directed to bogus servers? Are the real servers being overloaded? Am I seeing the results of some kind of DDOS mitigation technique?
>
> Is anyone else seeing this?
>
> Greg Ihnen